Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1)^ Responsive to communication(s) filed on 01 February 2000.
2a)n This action is FINAL. 2b)^ This action is non-final.

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) ^ Claim(s) 1-44 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration.

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-44 is/are rejected. 
7)□ Claim(s) is/are objected to.

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) S The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 01 February 2000 is/are: sM accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
11)□ The proposed drawing correction filed on is: a)n approved b)n disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) 0 The oath or declaration is objected to by the Examiner. 

13) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a)n All b)n Some* c)n None of:

1.□ Certified copies of the priority documents have been received.

2.□ Certified copies of the priority documents have been received in Application No. .

3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) n Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) D The translation of the foreign language provisional application has been received. 

15) n Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 

DETAILED ACTION

Specification

1. The disclosure is objected to because of the following informalities: The
specification contains sentence fragments which are unclear, at page 1, line 29; page 6,
line 2; and page 6, line 24.

Appropriate correction is required. 



Claim Objections 

2. Claims 20 and 24 are objected to under 37 CFR 1.75(c), as being of improper
dependent form for failing to further limit the subject matter of a previous claim.
Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s)
in proper dependent form, or rewrite the claim(s) in independent form.

With respect to Claim 20, the language of the claim is identical to that of Claim 18 
from which it depends. 

With respect to Claim 24, the language of the claim is identical to that of Claim 21 
from which it depends. 

3. Claim 30 is objected to because of the following informalities: the claim refers to 
"the method of claim 9," while Claim 9 is claiming an apparatus. Appropriate correction 
is required. 



Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention. 

5. Claims 13-14, 18-20, 23, 26-27, 32-37, and 43 are rejected under 35 U.S.C. 112,
second paragraph, as being indefinite for failing to particularly point out and distinctly
claim the subject matter which applicant regards as the invention.

Claim 13 recites the limitation "said user" in line 23. There is insufficient 
antecedent basis for this limitation in the claim. For purposes of applying the prior art, it 
is assumed that this refers to the "known party" of Claim 10. Further, Claim 14 is 
rejected due to its dependence on rejected Claim 13. 

Claims 18 and 20 recite the limitation "said notification" in line 1 and line 4,
respectively. There is insufficient antecedent basis for this limitation in the claim.

Claim 19 recites the limitation "said second condition" in line 3. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim 23 recites the limitation "the prohibited second action" in line 7. There is 
insufficient antecedent basis for this limitation in the claim. 

Claims 26, 27, and 43 recite the limitation "the other individual" in line 12, line 13,
and line 5, respectively. There is insufficient antecedent basis for this limitation in the
claims.

Claims 32 and 33 recite the limitation "the specified user" in line 18 and line 20,
respectively. There is insufficient antecedent basis for this limitation in the claims.

Claims 34 and 35 recite the limitation "the specified user" in line 21 and line 23, 
respectively. There is insufficient antecedent basis for this limitation in the claims. For 
purposes of applying the prior art, it is assumed that this refers to the "known party" of
Claim 10. 

Claims 36 and 37 recite the limitation "the specified role" in line 24 and line 26, 
respectively. It is unclear whether this refers to the first role or the second role of Claim 
3. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-9, 21-22, 24-25, 28-30, 40-42, and 44 are rejected under 35 U.S.C.
103(a) as being unpatentable over Geiger et al, US Patent 6073142, in view of Sandhu,
"Transaction Control Expressions for Separation of Duties."

In reference to Claims 1, 2, and 7, Geiger discloses a method using a database
of rules to implement organizational policies (column 3, lines 28-30) acting on various 
data objects, including database records and information (column 2, lines 56-67 and 
column 12, lines 35-45). Geiger describes the construction of rules (column 12, line 52- 
column 17, line 2). More specifically, "Each rule describes a specific action to be taken 
when an attribute of a ... data object satisfies an operator with respect to a user-defined 
value" (column 13, lines 18-21). However, Geiger does not give examples of a rule 
used to specifically preclude a second action upon the occurrence of a first action
defined as a condition, nor does Geiger use the specific example of separation of duties 
as an organizational policy. 

Sandhu teaches that "Separation of duties is a fundamental technique for 
prevention of fraud and errors" (pg. 282, column 1). An example of separation of duties 
is given wherein a check is prepared by a clerk, the check is approved by a supervisor, 
and the check is issued by a second clerk. This is done to ensure that "different users 
have responsibility and authorization" for each step of the process (pg 282, column 2). 
The separation of duties means that, in this example, "it will take collusion of two clerks 
and a supervisor to perpetrate fraud" (pg 283, column 1) whereas, without separation of
duties, a single person would be more able to commit fraud. The example of preparing,
approving, and issuing a check is analogous to Claim 7, wherein the rule that is stored
and utilized in the system prevents the same user from both ordering goods or services 
(a preliminary step to preparing the check) and paying for the goods or services 
(approving and issuing the check). These benefits of the separation of duties are well 
known, and it would be obvious to automate the enforcement of this policy once the 
remainder of the system has been automated. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the system of Geiger by using its system of rules 
to automate an implementation of a policy of separation of duties, as described by 
Sandhu, in order to prevent fraud and errors (see Sandhu, pg. 282). 

In reference to Claim 40, the security policy is separation of duties, as described
above in reference to Claim 1.

In reference to Claim 41, compliance to regulation is generally a legal
requirement for the company administering such a system. It would be obvious to
modify the combined system of Geiger and Sandhu, described in reference to Claim 1,
to include a policy of compliance to regulation in order to avoid the legal repercussions 
of a failure to comply. 

Further, in reference to Claim 42, the benefits or requirements of privacy of data 
are well known. It would be obvious to modify the combined system of Geiger and 
Sandhu, described in reference to Claim 1, to include a policy of privacy of data in order
to gain the benefits of privacy. 

In reference to Claim 5, Geiger discloses an expiration date for a message 
(column 23, line 53-column 24, line 5). Geiger further discloses rules that can state that 
an action is to be taken when "the time parameters... are satisfied" (column 24, lines 
61-64, with a specific example in lines 64-67). 

In reference to Claims 6, 21, and 24, Geiger discloses that, upon returning a 
message to a user, the user is notified, via email, of the reason that the message was 
returned (column 16, lines 10-15). 

In reference to Claims 22, 25, 28, 29, and 44, Geiger discloses that messages
may be sent to a "gatekeeper" for further review, if certain conditions are met and
certain rules apply (see Abstract; Figures 1, 3, 4A, and 4B; and column 3, lines 9-19, for
example). Specifically in reference to Claims 22 and 25, Geiger discloses that the 
gatekeeper is notified, via email, of the reason that the message was sent on to the 
gatekeeper (column 16, lines 10-15). Further, Geiger discloses that a message may be 
sent on to another employee if a message matches certain properties (column 3, lines 
53-61). Specifically in reference to Claims 28 and 29, Geiger discloses that a message 
may be forwarded to a specific individual based on matching certain properties (column 
3, lines 53-61, and column 7, Table 7, for example) where this could be the user's
manager or an employee responsible for data security. Specifically in reference to 
Claim 44, Geiger discloses that the gatekeeping function may be an automated 
computer process (column 24, lines 6-14). 

In reference to Claims 3 and 4, Sandhu discloses a further limitation for 
separation of duties: once an action has been performed by one user, a second action 
can only be performed by certain other users. Specifically, for the example of 
preparing, approving, and issuing a check, after a clerk has prepared the check, only a
supervisor may approve the check. Similarly, once the supervisor has approved the
check, only a second clerk may issue the check. If a clerk attempts to approve the 
check, or a supervisor attempts to approve the check, then the system should reject the 
attempt (page 283, columns 1-2). Specifically in reference to Claim 4, in the example
described, the roles of the two users are different, specifically supervisor and clerk. 

In reference to Claim 8, Geiger discloses a system which includes a file of rules 
(Figure 2, Rule Base 270, and Figure 3, Gatekeeping Rule Base 289) and means for 
reading said file, locating said rules, and integrating said rules into the system (Figure 2, 
Rule Engine 210, and Figure 3, Rule Engine 283). However, Geiger does not give 
examples of rules used to prevent a specified data transaction by a user after a user 
has effected a specified transaction to modify data. 

Sandhu teaches that "Separation of duties is a fundamental technique for 
prevention of fraud and errors" (pg. 282, column 1). An example of separation of duties 
is given where the same individual cannot be responsible for preparing, approving, and 
issuing a check, as described with reference to Claims 1, 2, and 7 above. The benefits
of the separation of duties are well known, and it would be obvious to automate the 
enforcement of this policy once the remainder of the system has been automated. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the system of Geiger by using its system of rules 
to automate an implementation of a policy of separation of duties, as described by 
Sandhu, in order to prevent fraud and errors (see Sandhu, pg. 282). 



In reference to Claim 9, Geiger discloses an expiration date for a message 
(column 23, line 53-column 24, line 5). Geiger further discloses rules that can state that 
an action is to be taken when "the time parameters... are satisfied" (column 24, lines
61-64, with a specific example in lines 64-67). Further, it would be obvious to eliminate 
rules from the system once there is some condition or time period indicating that a rule 
is no longer valid in order to keep system resources available. 

In reference to Claim 30, Sandhu describes that a history of the objects acted 
upon is created (pg 283, column 2) and that separation of duties can be enforced by 
keeping such history information (pg 284, column 2). Geiger discloses that the rules 
may be stored "by any of a number of useful implementing data structures" (column 16, 
lines 42-45). Further, it would be obvious to store eliminated rules for record-keeping 
purposes, and also in the event that a rule might need to be re-used. 

8. Claims 16, 18, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Geiger in view of Sandhu as applied to claim 1 above, and further in 
view of Scannell, et al, US Patent 5377354. 

In reference to Claim 16, Scannell discloses that a rule can be used as a 
template for other rules, in order to create a "new but similar rule" (column 8, lines 41- 
44). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the combined system of Geiger and Sandhu, as 
described above in reference to Claim 1, by allowing for the use of templates for rule 
creation, in order to create "new but similar" rules, as taught by Scannell (see Scannell, 
column 8, lines 41-44). 

In reference to Claims 18 and 20, Geiger, Sandhu, and Scannell disclose
everything as applied above to Claim 16. In addition, Geiger further discloses that, 
upon returning a message to a user, the user is notified, via email, of the reason that the 
message was returned (column 16, lines 10-15). 

9. Claims 10, 13-15, 17, and 31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Geiger, US Patent 6073142, in view of Sandhu, "Lattice-Based 
Access Control Models." 

In reference to Claim 10, Geiger discloses a system in which rules are stored
(Figure 2, Rule Base 270, and Figure 3, Gatekeeping Rule Base 289) and included in 
the system (Figure 2, Rule Engine 210, and Figure 3, Rule Engine 283). However, 
Geiger does not give examples of rules used to prevent a known party from accessing 
information on the condition that the party has knowledge of a particular set of 
information. 

Sandhu teaches that the objective of a Chinese Wall policy "is to prevent 
information flows that result in a conflict of interest for individual consultants" (pg. 17, 
column 2). For example, a consultant should not have access to information about two 
companies of the same type, such as two banks, "because such information creates a 
conflict of interest in the consultant's analysis and is a disservice to clients" (pg. 17, 
column 2). After a consultant has accessed information about one bank, the consultant 
is prevented from accessing information about another bank. Further, this prevention
of access can be removed once information is no longer sensitive, but "should persist 
long enough to avoid a conflict of interest" (pg. 17, column 3). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the system of Geiger by using its system of rules 
to automate an implementation of a Chinese Wall policy, as described by Sandhu, in
order to prevent a conflict of interest (see Sandhu, pg. 17).

In reference to Claims 13-14, Geiger discloses that, upon returning a message to 
a user, the user is notified, via email, of the reason that the message was returned 
(column 16, lines 10-15). 

In reference to Claim 15, it is well known that if information has been made 
public, it is no longer sensitive. Further, Sandhu describes that the denial of access to 
information "should persist long enough to avoid a conflict of interest" (pg 17, column 3),
that is, after a predetermined time, the information would no longer be considered 
sensitive. 

In reference to Claim 17, Geiger discloses that messages may be sent to a 
"gatekeeper" for further review, if certain conditions are met and certain rules apply (see 
Abstract; Figures 1, 3, 4A, and 4B; and column 3, lines 9-19, for example).

In reference to Claim 31, Geiger discloses that the rules may be stored "by any of
a number of useful implementing data structures" (column 16, lines 42-45). Further, it
would be obvious to store eliminated rules for record-keeping purposes, and also in the
event that a rule might need to be re-used.

10. Claims 11, 12, 38, and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Geiger in view of Sandhu as applied to claim 10 above, and further in 
view of Scannell, et al, US Patent 5377354. 

In reference to Claim 11, Scannell discloses that a rule can be used as a
template for other rules, in order to create a "new but similar rule" (column 8, lines 41- 
44). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the combined system of Geiger and Sandhu, as 
described above in reference to Claim 10, by allowing for the use of templates for rule 
creation, in order to create "new but similar" rules, as taught by Scannell (see Scannell, 
column 8, lines 41-44). 

In reference to Claim 12, a party known to the system will in general be assigned 
a predetermined role; for example, Sandhu describes users in a consultant role (pg. 17,
column 2).

In reference to Claim 38, it would be obvious not to load a rule until a user in the
role specified by the rule logs on in order to conserve system memory resources by not 
loading the rule unnecessarily. 

Similarly, in reference to Claim 39, it would be obvious only to test a rule for a 
user in the role specified by the rule, in order to conserve processing resources by not 
testing the rule unnecessarily. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A Davis whose telephone number is (703)305-8902.
The examiner can normally be reached on weekdays 8:30-6:00, alternate
Fridays off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. The fax phone number 
for the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703)305-3900.